Labels

Monday, August 27, 2012

SMS Security Flaw Affects only Apple's iPhone and iOS Devices

A week ago, I wrote about the SMS security flaw discovered on Apple's iPhone which could be used be used to make it appear that the SMS one sender, and when you reply send the SMS to a mobile number different from the one that is displayed on phones screen.

Apple responded by suggesting the SMS is not a secure form or communication and the flaw was with SMS itself, and suggested using iMessage instead. iMessage is basically an instant messaging application which can be used to communicate with other Apple devices.

"Apple takes security very seriously. When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they're directed to an unknown website or address over SMS." (Source: Engadget).

"We have tested this issue on Android, Windows Mobile, BlackBerry, and Symbian phones," said Cathal McDaid, security consultant at AdaptiveMobile, in a statement to CNET, "and most of them simply ignore the 'reply address' field or display both the 'real' originating address and the reply address as per the specification recommendations.

"The iPhone, so far," he continued, "is the only device which does not comply with these security recommendations."